Active Directory PowerShell ADSI ADSISearcher
Hello,
You have several ways to query Active Directory with PowerShell. Some of them have prerequisites on the client or on the server, and some have none. Today, we’ll see a few examples of such tools.
Active Directory PowerShell Module
Since Windows Server 2008 R2, Active Directory features the “Active Directory Web Services”, which allows us to use the ActiveDirectory module from a Windows 7/Windows Server 2008R2 host. This method has three requirements:
- Windows Server 2008R2 or higher as Domain Controller
- Windows Server 2008R2 or Windows 7 or higher as a PowerShell host
- Remote Server Administration Tools
You can also install Active Directory Management Gateway Services on older versions of Windows Server; it provides the same features as Active Directory Web Services.
Note: It’s recommended to use the same level of RSAT module as the Active Directory Web Services you target:
- Windows Server 2008R2 / Windows 7
- Windows Server 2012 / Windows 8
- Windows Server 2012R2 / Windows 8.1
- Windows Server 2016 / Windows 10
Cross-version combinations will work, but you may experience some unexpected issues.
Here is a quick example:
Get-ADUser -Filter * -SearchBase "OU=Star Wars,OU=Production,DC=D2K12R2,DC=local"
You can list all the cmdlets available in the module with the following command (the list grows with each version):
Get-Command -Module ActiveDirectory
Active Directory PowerShell ADSI ADSISearcher
This method does not have any prerequisites, but it is less easy to use: we need to create an ADSISearcher object (System.DirectoryServices.DirectorySearcher), give it some parameters, and then we can query Active Directory.
Here is a quick example:
$ADSISearcher = [ADSISearcher]'(objectclass=user)'
$ADSISearcher.SearchRoot = [ADSI]"LDAP://OU=Star Wars,OU=Production,DC=D2K12R2,DC=local"
$ADSISearcher.FindAll()
As you can see, for the same query, a few more lines are required, and the result is not quite as pretty.
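The following is an added example, not code from this post or from the Get-ADSIObject function: it wraps the ADSISearcher query above so that it returns only user accounts, pages past the server's 1000-entry limit, loads only the requested attributes, and emits plain objects. The function name Get-AdsiUser and its parameters are hypothetical; the search base is the one used in this article.

```powershell
# Added example; Get-AdsiUser and its parameter names are hypothetical.
function Get-AdsiUser {
    [CmdletBinding()]
    param(
        # Distinguished name of the container to search (value from the article).
        [string]$SearchBase = 'OU=Star Wars,OU=Production,DC=D2K12R2,DC=local',
        # Optional name supplied by the caller; always treated as literal text.
        [string]$Name,
        [string[]]$Property = @('name', 'samaccountname', 'mail', 'distinguishedname')
    )

    # (objectClass=user) alone also matches computer accounts; adding
    # objectCategory=person restricts the result to user accounts.
    $filter = '(&(objectCategory=person)(objectClass=user))'
    if ($Name) {
        # RFC 4515 escaping, so that \ * ( ) or NUL in the input cannot
        # change the structure of the LDAP filter.
        $escaped = -join ($Name.ToCharArray() | ForEach-Object {
            if ('\*()'.IndexOf($_) -ge 0 -or [int]$_ -eq 0) { '\{0:x2}' -f [int]$_ } else { $_ }
        })
        $filter = "(&(objectCategory=person)(objectClass=user)(name=$escaped))"
    }

    $searcher = [ADSISearcher]$filter
    $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
    # Without a page size the search stops at the server's size limit
    # (1000 entries by default); paging retrieves the full result set.
    $searcher.PageSize = 1000
    # Request only the attributes we need instead of every attribute.
    $searcher.PropertiesToLoad.AddRange($Property)

    $results = $searcher.FindAll()
    try {
        foreach ($result in $results) {
            $row = [ordered]@{}
            foreach ($p in $Property) {
                # Result keys are stored lower-case; a missing attribute yields $null.
                $row[$p] = $result.Properties[$p.ToLower()] | Select-Object -First 1
            }
            [pscustomobject]$row
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources; release them.
        $results.Dispose()
    }
}

Get-AdsiUser | Format-Table -AutoSize
```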
Active Directory PowerShell ADSI ADSISearcher – The helper function
To ease this process, I wrote a small function with some parameter completion to help you start querying Active Directory without any prerequisites. You can find it on GitHub; it may be updated on a regular basis or based on pull requests and feedback:
https://github.com/edemilliere/ADSI/blob/master/Get-ADSIObject.ps1
Here is a quick example:
Get-ADSIObject -Property Name,Mail,description -DomainName D2K12R2.itfordummies.net | Out-GridView
Note: The users you see were created with an old blog post.
You can learn more about how to use this function with:
Show-Command Get-ADSIObject
I have work in progress on writing more functions with ADSI and ADSISearcher on my GitHub account.